North Korean hacker indicted for cyberattacks on U.S. healthcare and government systems

KANSAS CITY, KS – Federal prosecutors announced Thursday that a North Korean military intelligence operative, Rim Jong Hyok, has been indicted for his role in a major hacking conspiracy. The indictment accuses Rim of hacking into American healthcare providers, NASA, U.S. military bases, and other international entities to steal sensitive information and install ransomware. The stolen data and ransom payments were used to fund further cyberattacks.

Rim, part of North Korea's Reconnaissance General Bureau's Andariel Unit, is alleged to have laundered money through a Chinese bank to purchase computer servers and support additional cyberattacks. His targets included 17 entities across 11 U.S. states, as well as defense and energy companies in China, Taiwan, and South Korea. The hacking of American hospitals disrupted patient treatments, highlighting the severe impact on citizens.

The indictment details how Rim and his team accessed NASA's computer systems for over three months, extracting 17 gigabytes of unclassified data. They also breached defense companies' systems in Michigan and California and military bases in Texas and Georgia. The stolen information was sent to North Korean military intelligence, aiding the country's military and nuclear ambitions.

Federal prosecutors stated that the Andariel group sought details on fighter aircraft, missile defense systems, satellite communications, and radar systems. Stephen A. Cyrus, an FBI agent in Kansas City, emphasized the significant impact of these cybercrimes on local citizens, noting North Korea's use of such crimes to fund its political and military goals.

Rim, who has worked in North Korea's military intelligence in Pyongyang and Sinuiju, has no attorney listed in online court records. A reward of up to $10 million is offered for information leading to him or other foreign operatives targeting U.S. infrastructure.

The Justice Department has previously prosecuted North Korean hacking cases, often highlighting the profit-driven motives distinguishing these hackers from those in Russia and China. In 2021, three North Korean programmers were charged with a range of hacks, including an attack on an American movie studio and attempts to steal over $1.3 billion from banks and companies worldwide.

The FBI was alerted to the current case by a Kansas medical center in May 2021 after hackers encrypted its files and servers, blocking access to critical patient data and hospital equipment. A ransom note demanded $100,000 in Bitcoin, threatening to post the hospital's files online if the ransom wasn't paid within 48 hours.

Federal investigators traced the Bitcoin payments, revealing that a co-conspirator transferred the funds to a virtual currency address belonging to two Hong Kong residents. The money was then converted into Chinese currency and accessed from an ATM near the Sino-Korean Friendship Bridge connecting China and North Korea.

In 2022, the Justice Department reported the FBI seized approximately $500,000 in ransom payments from these money-laundering accounts, including the entire ransom paid by the Kansas hospital.

Key Points:
  • Rim Jong Hyok, a North Korean operative, was indicted for hacking U.S. healthcare, NASA, and military bases.
  • Stolen data and ransom payments were used to fund more cyberattacks.
  • Hacking disrupted American hospitals, impacting patient care.
  • The indictment may lead to sanctions reducing North Korea's ransomware activities.

While Rim's arrest is unlikely, the indictment could lead to sanctions hampering North Korea's ability to collect ransoms, potentially reducing their motivation for cyberattacks on critical entities like hospitals. Allan Liska, a cybersecurity analyst, suggested this could force North Korean hackers to pivot to more cryptocurrency theft.
 
“Now, unfortunately, that will force them to do more cryptocurrency theft. So it’s not going to stop their activity. But the hope is that we won’t have hospitals disrupted by ransomware attacks because they’ll know that they can’t get paid,” Liska said.

He also noted that a Chinese entity was among the victims and questioned what the country, which is an ally of North Korea, thinks of being targeted.

“China can’t be too thrilled about that,” he said.
 

Comments

Eric

Maybe Kakkala can amass a bail fund for him. America is screwed.

Harry

President Kamala Harris would pardon him before trial if he was caught and she were elected!

© 2024 Law Enforcement Today